What is a Hertzbleed computer chip hack and should you worry?
What is Hertzbleed?
What does it mean to you?
How was it discovered?
Can it be repaired?
Am I affected by Hertzbleed?
Yes, most likely.
The Intel security advisory states that all Intel processors are affected. We experimentally confirmed that several Intel processors are affected, including desktop and laptop models from the 8th to the 11th generation microarchitectures.
The AMD security advisory states that several desktop, mobile, and server processors are affected. We experimentally confirmed that AMD Ryzen processors are affected, including desktop and laptop models of the Zen 2 and Zen 3 microarchitectures.
Other processor vendors (e.g., ARM) also implement frequency scaling in their products and were made aware of Hertzbleed. However, we have not confirmed whether or not they are affected by Hertzbleed.
What is the impact of Hertzbleed?
First, Hertzbleed shows that on modern x86 CPUs, power side-channel attacks can be turned into timing attacks (even remote ones!), which removes the need for any power measurement interface. The cause is that, under certain circumstances, periodic CPU frequency adjustments depend on the current CPU power consumption, and these adjustments translate directly into execution time differences (since 1 hertz = 1 cycle per second).
Second, Hertzbleed shows that, even when correctly implemented as constant-time code, cryptographic code can still leak via remote timing analysis. The consequence is that current industry guidelines for how to write constant-time code (such as Intel's) are insufficient to guarantee constant-time execution on modern processors.
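The two points above describe a chain: data-dependent power feeds a frequency controller that keeps the package under its power limit, and the resulting frequency changes show up as wall-clock time even though the cycle count is constant. The following toy model, added here as an illustration and not code from the Hertzbleed authors, makes that chain concrete. Every operand costs the same number of cycles (as constant-time code would), the per-operand power is an assumed linear function of Hamming weight, and the frequency controller is an assumed simple step-up/step-down rule with constructed constants; none of the numbers are measurements from a real CPU.

```python
"""Toy model: power-dependent frequency scaling turns a power side channel
into a timing side channel. Constructed illustration, not measured data."""

from dataclasses import dataclass

BASE_HZ = 3.0e9          # base frequency: the floor the controller never goes below
BOOST_HZ = 4.5e9         # maximum boost frequency
POWER_LIMIT_W = 20.0     # assumed package power limit (constructed value)
STATIC_W = 10.0          # assumed static power draw (constructed value)
PER_BIT_W = 0.5          # assumed dynamic power per set operand bit (constructed value)
STEP_HZ = 0.1e9          # assumed frequency adjustment per control interval


def hamming_weight(x: int) -> int:
    """Number of set bits; stands in for the data-dependent part of power."""
    return bin(x).count("1")


@dataclass
class FreqController:
    """Assumed controller: back off while over the power limit, climb toward
    the boost ceiling while under it. With boost disabled, stay at base."""
    boost_enabled: bool = True
    freq_hz: float = BOOST_HZ

    def step(self, power_w: float) -> float:
        if not self.boost_enabled:
            self.freq_hz = BASE_HZ
        elif power_w > POWER_LIMIT_W:
            self.freq_hz = max(BASE_HZ, self.freq_hz - STEP_HZ)
        else:
            self.freq_hz = min(BOOST_HZ, self.freq_hz + STEP_HZ)
        return self.freq_hz


def run_workload(operands, cycles_per_op: int, boost_enabled: bool = True) -> float:
    """Simulate wall-clock seconds for a constant-time loop.

    The cycle count is identical for every operand, so any difference in the
    returned time comes only from the frequency controller reacting to the
    data-dependent power estimate.
    """
    ctrl = FreqController(boost_enabled=boost_enabled)
    elapsed = 0.0
    for x in operands:
        power = STATIC_W + PER_BIT_W * hamming_weight(x)
        freq = ctrl.step(power)
        elapsed += cycles_per_op / freq   # seconds = cycles / (cycles per second)
    return elapsed


if __name__ == "__main__":
    low = [0x00000001] * 200      # constructed low-Hamming-weight data
    high = [0xFFFFFFFF] * 200     # constructed high-Hamming-weight data
    for boost in (True, False):
        print(f"boost={boost}: low-HW {run_workload(low, 1000, boost):.3e}s, "
              f"high-HW {run_workload(high, 1000, boost):.3e}s")
```

With boost enabled the high-Hamming-weight run pushes the modelled power over the limit, the controller backs off toward the base frequency, and the identical cycle count takes measurably longer; with boost disabled the controller pins the frequency at base and the two runs take exactly the same time. That is the same mechanism the FAQ later describes as the reason disabling frequency boost stops the leak.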
Should I be worried?
If you are a regular user and not a cryptography engineer, you probably don't need to apply a patch or change any configuration right now. If you are a cryptography engineer, read on. Also, if you are running a SIKE decapsulation server, be sure to apply the mitigation described below.
Is there a CVE dedicated to Hertzbleed?
Yes. Hertzbleed is tracked under CVE-2022-23823 and CVE-2022-24436 in the Common Vulnerabilities and Exposures (CVE) system.
Is Hertzbleed a bug?
No. The root cause of Hertzbleed is dynamic frequency scaling, a feature of modern processors used to reduce power consumption (during low CPU loads) and to keep the system below its power and thermal limits (during high CPU loads).
When was Hertzbleed disclosed?
We disclosed our findings, together with proof-of-concept code, to Intel, Cloudflare, and Microsoft in the third quarter of 2021 and to AMD in the first quarter of 2022. Intel originally requested that our results be held under embargo until May 10, 2022. Intel subsequently requested a significant extension of this embargo, and we coordinated with them on publicly disclosing our findings on June 14, 2022.
Do Intel and AMD plan to release microcode patches to mitigate Hertzbleed?
No. To our knowledge, Intel and AMD do not plan to deploy any microcode patches to mitigate Hertzbleed. However, Intel does provide guidance for mitigating Hertzbleed in software. Cryptographic developers may choose to follow Intel's guidance to harden their libraries and applications against Hertzbleed. For more information, we refer to the official security advisories (Intel and AMD).
Why did Intel ask for a long embargo, considering that it is not deploying patches?
Is there a workaround?
Technically, yes. However, it has a significant system-wide performance impact.
In most cases, a workload-independent workaround to mitigate Hertzbleed is to disable frequency boost. Intel calls this feature "Turbo Boost," and AMD calls it "Turbo Core" or "Precision Boost." Frequency boost can be disabled either through the BIOS or at runtime via the frequency scaling driver.
In our experiments, when frequency boost was disabled, the frequency stayed fixed at the base frequency during the execution of the workload, preventing leakage via Hertzbleed. However, this is not a recommended mitigation strategy, as it will significantly reduce performance. Furthermore, on some custom system configurations (with reduced power limits), data-dependent frequency updates may occur even when frequency boost is disabled.
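For administrators who do decide to apply the runtime variant of this workaround on Linux, the following script, added here as an example and not tooling from the Hertzbleed authors, reads and sets the boost state through the cpufreq sysfs interface. It uses two real sysfs files: `intel_pstate/no_turbo` (where 1 means boost is off) and `cpufreq/boost` (exposed by acpi-cpufreq and amd-pstate, where 1 means boost is on). The `sysfs_root` parameter and the `make_fake_sysfs` helper are assumptions added so the logic can be exercised against a constructed directory tree without root or real hardware.

```python
"""Check and disable CPU frequency boost via Linux cpufreq sysfs knobs.
Constructed example; the fake-sysfs helper exists only for offline testing."""

import os
import tempfile

# Real sysfs paths, relative to /sys. Note the inverted polarity:
# intel_pstate writes 1 to DISABLE turbo, cpufreq/boost writes 0 to DISABLE boost.
INTEL_NO_TURBO = "devices/system/cpu/intel_pstate/no_turbo"
GENERIC_BOOST = "devices/system/cpu/cpufreq/boost"


def _read(path: str) -> str:
    with open(path) as fh:
        return fh.read().strip()


def _write(path: str, value: str) -> None:
    with open(path, "w") as fh:
        fh.write(value + "\n")


def boost_state(sysfs_root: str = "/sys") -> str:
    """Return 'enabled', 'disabled', or 'unknown' (no known control file present)."""
    intel = os.path.join(sysfs_root, INTEL_NO_TURBO)
    generic = os.path.join(sysfs_root, GENERIC_BOOST)
    if os.path.exists(intel):
        return "disabled" if _read(intel) == "1" else "enabled"
    if os.path.exists(generic):
        return "enabled" if _read(generic) == "1" else "disabled"
    return "unknown"


def disable_boost(sysfs_root: str = "/sys") -> str:
    """Disable boost at runtime and return the resulting state.

    On a real system this needs root and does not persist across reboots;
    the BIOS setting is the persistent alternative the FAQ mentions.
    """
    intel = os.path.join(sysfs_root, INTEL_NO_TURBO)
    generic = os.path.join(sysfs_root, GENERIC_BOOST)
    if os.path.exists(intel):
        _write(intel, "1")
    elif os.path.exists(generic):
        _write(generic, "0")
    else:
        raise RuntimeError("no runtime boost control found; use the BIOS setting")
    return boost_state(sysfs_root)


def make_fake_sysfs(driver: str, boost_enabled: bool = True) -> str:
    """Build a constructed sysfs tree in a temp dir (assumed test helper).

    driver: 'intel_pstate', 'cpufreq', or 'none' (empty tree).
    """
    root = tempfile.mkdtemp(prefix="fake-sysfs-")
    if driver == "intel_pstate":
        rel, value = INTEL_NO_TURBO, ("0" if boost_enabled else "1")
    elif driver == "cpufreq":
        rel, value = GENERIC_BOOST, ("1" if boost_enabled else "0")
    elif driver == "none":
        return root
    else:
        raise ValueError(f"unknown driver {driver!r}")
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    _write(path, value)
    return root


if __name__ == "__main__":
    # Against the live system this only reads; disabling requires root.
    print("frequency boost:", boost_state())
```

Check the state before and after changing it, and keep in mind the FAQ's caveat: on systems with reduced power limits, pinning the frequency at base may still not remove every data-dependent frequency update, so this is a blunt instrument rather than a guarantee.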
What is SIKE?
SIKE (Supersingular Isogeny Key Encapsulation) is a decade-old, extensively studied key encapsulation mechanism. It is currently a finalist in NIST's Post-Quantum Cryptography competition. It has multiple industrial implementations and has been the subject of an in-the-wild deployment trial. Among its claimed advantages is its "well-understood" side-channel posture. You can find author names, implementations, talks, studies, papers, security analyses, and more about SIKE on its official website.
What is a key encapsulation mechanism?
A key encapsulation mechanism is a protocol used to securely exchange a symmetric key using asymmetric (public key) cryptography.
How did Cloudflare and Microsoft mitigate the attack on SIKE?
Cloudflare and Microsoft have deployed the mitigation suggested by De Feo et al. (who, while our paper was under the long embargo requested by Intel, independently rediscovered how to exploit anomalous 0s in SIKE for power side channels). The mitigation consists of verifying, before decapsulation, that the ciphertext consists of a pair of linearly independent points of the correct order. The mitigation adds an overhead of 5% to decapsulation performance for CIRCL and 11% for PQCrypto-SIDH.
Is my constant-time cryptographic library affected?
Affected? Yes, most likely. Vulnerable? Maybe.
Your constant-time cryptographic library may be vulnerable if it is subject to secret-dependent power leakage, and this leakage extends over enough operations to cause secret-dependent changes in CPU frequency. Future work is needed to systematically study which cryptosystems can be exploited via the new Hertzbleed side channel.